diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-04-26 17:55:00 +0200 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-04-26 17:55:00 +0200 |
| commit | 40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9 (patch) | |
| tree | af8aeba6f15770a2d07e9489dfc9490572b0d2e6 /core/js | |
| parent | 0249a72caba9f1a4eeaf51f382a74fe61b66c284 (diff) | |
| download | nextcloud-server-40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9.tar.gz nextcloud-server-40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9.zip | |
fix security check for the path of the requested file
Diffstat (limited to 'core/js')
| -rw-r--r-- | core/js/js.js | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/core/js/js.js b/core/js/js.js index 84875ca162f..12303d7dd91 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -53,13 +53,12 @@ OC={ filePath:function(app,type,file){ var isCore=OC.coreApps.indexOf(app)!=-1; var link=OC.webroot; - var splitted = file.split('?'); - if((splitted[0].substring(splitted[0].length-3) == 'php' || splitted[0].substring(splitted[0].length-3) == 'css') && !isCore){ + if((file.substring(file.length-3) == 'php' || file.substring(file.length-3) == 'css') && !isCore){ link+='/?app=' + app + '&getfile='; if(type){ link+=encodeURI(type + '/'); } - link+= file + '?' + splitted[1]; + link+= file; }else if(file.substring(file.length-3) != 'php' && !isCore){ link=OC.appswebroot; link+='/'; |